cloud engineer
Here’s the installation instructions for OpenJDK 8.
For Fedora, Redhat and Oracle Linux.
yum install java-1.8.0-openjdk |
yum install java-1.8.0-openjdk
For Debian and Ubuntu.
apt-get install openjdk-8-jre |
apt-get install openjdk-8-jre
To see if the packages (symbolic links) are there, they can be found in /etc/alternatives/, at least in Redhat 7.
ls -l /etc/alternatives/ |
ls -l /etc/alternatives/
If a Linux user is having an access problem with a NFS share, and particularly with key expiration, then check if the RPC GSSD service is up and running. NFS clients uses the RPCSEC_GSS protocol to establish security credentials with a NFS server using Kerberos authentication.
Here’s an example of a key expire error due to a NFS client not authenticated properly.
df -h df: '/data/dir1': Key has expired df: '/data/dir2': Key has expired df: '/data/dir3': Key has expired |
df -h df: '/data/dir1': Key has expired df: '/data/dir2': Key has expired df: '/data/dir3': Key has expired
Check if RPC GSSD service is healthy. Restart the service if there are credential errors.
service rpc-gssd status |
service rpc-gssd status
Here’s one with an authentication issue.
[root@server ~]# service rpc-gssd status Redirecting to /bin/systemctl status rpc-gssd.service ● rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled) Active: active (running) since Sun 2021-01-31 03:16:43 CST; 2h 14min ago Main PID: 710 (rpc.gssd) Memory: 1.6M CGroup: /system.slice/rpc-gssd.service └─710 /usr/sbin/rpc.gssd Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com |
[root@server ~]# service rpc-gssd status Redirecting to /bin/systemctl status rpc-gssd.service ● rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled) Active: active (running) since Sun 2021-01-31 03:16:43 CST; 2h 14min ago Main PID: 710 (rpc.gssd) Memory: 1.6M CGroup: /system.slice/rpc-gssd.service └─710 /usr/sbin/rpc.gssd Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com
Restart the service.
service rpc-gssd stop service rpc-gssd start |
service rpc-gssd stop service rpc-gssd start
Here’s a service that’s healthy.
[root@server ~]# service rpc-gssd status Redirecting to /bin/systemctl status rpc-gssd.service ● rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled) Active: active (running) since Sun 2021-01-31 05:33:54 CST; 28min ago Process: 9809 ExecStart=/usr/sbin/rpc.gssd $GSSDARGS (code=exited, status=0/SUCCESS) Main PID: 9810 (rpc.gssd) Memory: 804.0K CGroup: /system.slice/rpc-gssd.service └─9810 /usr/sbin/rpc.gssd Jan 31 05:33:54 server.domain.com systemd[1]: Starting RPC security service for NFS client and server... Jan 31 05:33:54 server.domain.com systemd[1]: Started RPC security service for NFS client and server. |
[root@server ~]# service rpc-gssd status Redirecting to /bin/systemctl status rpc-gssd.service ● rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled) Active: active (running) since Sun 2021-01-31 05:33:54 CST; 28min ago Process: 9809 ExecStart=/usr/sbin/rpc.gssd $GSSDARGS (code=exited, status=0/SUCCESS) Main PID: 9810 (rpc.gssd) Memory: 804.0K CGroup: /system.slice/rpc-gssd.service └─9810 /usr/sbin/rpc.gssd Jan 31 05:33:54 server.domain.com systemd[1]: Starting RPC security service for NFS client and server... Jan 31 05:33:54 server.domain.com systemd[1]: Started RPC security service for NFS client and server.
AWS EC2 Firewall rules are defined within security groups. Security groups are attached to an instance. An instance can have up to 5 security groups. Essentially, this script gathers all the security groups associated with an instance, loops through them, and then outputs the ingress and egress rules of each security group to a file in a text format.
#!/bin/bash # set variables instanceid='i-xxxxxxxxxxxxxxxx' region='us-east-1' profile='sample' # log and temp files output="ec2-sg.log" tmpfil="ec2-sg.tmp" # empty log at start > $output # get sg ids aws ec2 describe-instances \ --instance-ids $instanceid \ --region $region \ --profile $profile \ --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' --output text > $tmpfil while read -r id; do echo '============================================' >> $output echo $id >> $output echo '============================================' >> $output echo '---------------- INGRESS -------------------' >> $output aws ec2 describe-security-groups \ --group-ids $id \ --profile $profile \ --region $region \ --output text \ --query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output echo '---------------- EGRESS --------------------' >> $output aws ec2 describe-security-groups \ --group-ids $id \ --profile $profile \ --region $region \ --output text \ --query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output done < $tmpfil |
#!/bin/bash # set variables instanceid='i-xxxxxxxxxxxxxxxx' region='us-east-1' profile='sample' # log and temp files output="ec2-sg.log" tmpfil="ec2-sg.tmp" # empty log at start > $output # get sg ids aws ec2 describe-instances \ --instance-ids $instanceid \ --region $region \ --profile $profile \ --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' --output text > $tmpfil while read -r id; do echo '============================================' >> $output echo $id >> $output echo '============================================' >> $output echo '---------------- INGRESS -------------------' >> $output aws ec2 describe-security-groups \ --group-ids $id \ --profile $profile \ --region $region \ --output text \ --query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output echo '---------------- EGRESS --------------------' >> $output aws ec2 describe-security-groups \ --group-ids $id \ --profile $profile \ --region $region \ --output text \ --query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> $output done < $tmpfil
Here’s a sample output.
============================================ sg-xxxxxxxxxxxxxxx ============================================ ---------------- INGRESS ------------------- 5985 5985 tcp 10.0.0.220/32 10005 10005 tcp 10.0.0.164/32 ---------------- EGRESS -------------------- 80 80 tcp 10.0.0.14/32 40000 65535 udp 10.0.0.0/8 3389 3389 tcp 10.0.0.96/32 9389 9389 tcp 10.0.0.0/8 5985 5986 tcp 10.0.0.96/32 |
============================================ sg-xxxxxxxxxxxxxxx ============================================ ---------------- INGRESS ------------------- 5985 5985 tcp 10.0.0.220/32 10005 10005 tcp 10.0.0.164/32 ---------------- EGRESS -------------------- 80 80 tcp 10.0.0.14/32 40000 65535 udp 10.0.0.0/8 3389 3389 tcp 10.0.0.96/32 9389 9389 tcp 10.0.0.0/8 5985 5986 tcp 10.0.0.96/32